Managing Certificates

Using a trusted SSL certificate is essential for securing all communication with your BMC. By default, the BMC uses a self-signed certificate, which is what causes the "Your connection isn't private" warning in your browser. To eliminate this warning and establish a fully secure connection, you should replace the default certificate with one signed by a trusted Certificate Authority (CA).

This chapter guides you through the process of generating a request for a new certificate and installing it on the BMC.

Generating a Certificate Signing Request (CSR)

The first step to getting a trusted certificate is to generate a Certificate Signing Request (CSR). This is an encoded block of text containing information about your organization and the BMC's domain name, which you will submit to a CA.

  1. In the sidebar menu, navigate to Security and access > Certificates.

  2. Click the Generate CSR button.

  3. Fill out the form with your organization's details. The most important field is the Common Name.

[Image, EXISTING, Source: 9.5: 顯示「產生憑證簽署請求 (CSR)」對話方塊,其中包含通用名稱、公司和國家/地區代碼等欄位的螢幕截圖。]

  • Common Name (CN): This must be the fully qualified domain name (FQDN) or IP address that you use to access the BMC in your browser (e.g., bmc-server-01.yourcompany.com).

  • Company name / unit: Your organization and department name.

  • City / State / Country Code: Your organization's location.

  • Key Pair Algorithm: Choose the desired encryption algorithm (e.g., RSA-2048).

  1. Click Generate CSR. A .csr file will be generated and downloaded to your computer.

Uploading and managing SSL certificates

Once you have submitted your CSR to a CA (like Let's Encrypt, DigiCert, etc.) and they have sent you back a signed certificate file, you can install it on the BMC.

  1. On the Certificates page, click the Add new certificate button.

  2. In the popup window, select the Certificate type (e.g., HTTPS Certificate).

  3. Click Add file and select the certificate file (.crt or .pem) that you received from your CA. You may also need to upload the private key file (.key) if it was generated separately, and any intermediate CA certificates.

  4. Click Add to upload and install the certificate.

[Image, EXISTING, Source: 9.5: 顯示「新增憑證」對話方塊,其中包含憑證類型下拉式選單和「新增檔案」按鈕的螢幕截圖。]

After the new certificate is installed, the BMC's web service may restart. You should then close your browser, reopen it, and navigate to the BMC's address. You should now see a lock icon, indicating a secure, trusted connection with no security warnings.

Best Practice: Use a trusted CA

While self-signed certificates provide encryption, they don't provide trust. Users will always see a security warning. Using a certificate from a trusted internal or public CA is a critical step for a production environment. It ensures that users can verify they are connecting to the legitimate BMC and not a malicious imposter.

PreviousSecurity PoliciesNextSystem Firewall

Last updated